<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>用户注册</title>
<style type="text/css">
<!--
td {  font-size: 9pt}
-->
</style>
</head>
<body bgcolor="#ffffff" topmargin=0>

<?php

// first we create a random session key
$REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];							// get client ip address
srand((double)microtime()*1000000 );							// initialize random seed
$rand = rand(1,9);												// generate a random number between 1 to 9
$session_id = $rand.substr(md5($REMOTE_ADDR), 0, 11+$rand);		/* append the random number to the beginning
of the session_id string followed by a substring of the md5 ip address hash with a dynamic length of anything between 11 to 16 digits (the max length of
the md5 hash) */
$session_id .= substr(md5(rand(1,1000000)), rand(1,32-$rand), 21-$rand);	// further add a dynamic length digits to 
																		// to the session_id string composed of the
																		// md5 hash for random number
session_id($session_id);							// apply the session_id that we created
session_start();									// initiate the session


include 'config.php';
include 'opendb.php';

if (isset($_POST['submit'])) {
	$username = $dbSocket->escapeSimple($_POST['username']);
	$password = $dbSocket->escapeSimple($_POST['password']);
	$userinfo = $configValues['CONFIG_DB_TBL_DALOUSERINFO'];

	/* check user and password */
	$sql = "SELECT id, username FROM $userinfo WHERE username = '$username' AND portalloginpassword = '$password'";
	$res = $dbSocket->query($sql);
	if ($res->numRows() == 1) {
		// the user id and password match,
		// set the session

		$row = $res->fetchRow(DB_FETCHMODE_ASSOC);
		$operator_id = $row['id'];
		
		$_SESSION['westlakeloginok'] = true;
		$_SESSION['westlakeusername'] = $username;

		// lets update the lastlogin time for this operator
		$date = date("Y-m-d H:i:s");
		$sql = "UPDATE $userinfo SET lastlogin='$date' WHERE username='$username'";
		$res = $dbSocket->query($sql);

		// after login we move to the main page
		header('Location: useradmin.php');
	}
	else{
		echo "登录失败！请检查用户名和密码。<br/>";
	}
} // if submit
else{
	echo "<br/><br/>No action.<br/>";
}
$dbSocket->disconnect();
?>
</body>
</html>


